
A software taggant is a cryptographic signature added to software that enables positive origin identification and integrity of programs. Software taggants use standard public key infrastructure (PKI) techniques and were introduced by the Industry Connections Security Group of IEEE in an attempt to control proliferation of malware obfuscated via executable compression (runtime packers). The concept of a PKI-based system to mitigate runtime packer abuse was introduced in 2010 and described in a Black Hat Briefings presentation by Mark Kennedy and Igor Muttik. The term was proposed by Arun Lakhotia (due to its similarities with chemical taggants), who also analyzed the economics of a packer ecosystem.

A software taggant is a form of code signing somewhat similar to Microsoft's Authenticode. The key differences between a software taggant and Authenticode are that the addition of a software taggant is transparent and free for the end user of a runtime packer, and that a software taggant may cover small critical areas of the program to minimize the cost of software integrity checking. In contrast, Authenticode always covers nearly the entire file, so the cost of checking depends linearly on the file size. The software taggant project is run by the Industry Connections Security Group and is open source: it is hosted on GitHub and relies on OpenSSL. Software taggants also help to distinguish legitimate software from malware that also uses anti-tampering methods.
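The cost difference described above, as an added illustration (not code from the taggant project and not its file format): a digest over a few chosen regions compared with a digest over the whole file. The region list, the sample image and all function names are assumptions, and the PKI signature that would be computed over the digest is left out.

```python
import hashlib
import struct

# Hypothetical "critical areas" as (offset, length): a header and an unpacker stub.
CRITICAL = [(0, 0x200), (0x400, 0x800)]

def region_digest(image, regions):
    """Return (SHA-256 digest, bytes hashed) over the listed regions only."""
    h = hashlib.sha256()
    hashed = 0
    for offset, length in regions:
        if offset < 0 or length <= 0 or offset + length > len(image):
            raise ValueError(f"region ({offset}, {length}) is outside the image")
        # Hash the offset and length too, so the digest is tied to where the region sits.
        h.update(struct.pack("<QQ", offset, length))
        h.update(image[offset:offset + length])
        hashed += length
    return h.digest(), hashed

def full_digest(image):
    """Return (SHA-256 digest, bytes hashed) over the entire file."""
    return hashlib.sha256(image).digest(), len(image)

def build_sample_image(size=1 << 20):
    """Constructed 1 MiB stand-in for a packed executable (not a real PE file)."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    img[0x400:0x410] = b"\x90" * 16  # constructed stub bytes
    return bytes(img)

def flip(image, pos):
    """Return a copy of the image with one byte changed at pos."""
    out = bytearray(image)
    out[pos] ^= 0xFF
    return bytes(out)

def demo():
    img = build_sample_image()
    ref, partial_cost = region_digest(img, CRITICAL)
    full_ref, full_cost = full_digest(img)
    in_stub, in_payload = flip(img, 0x410), flip(img, 0x80000)
    return {
        "partial_bytes": partial_cost,
        "full_bytes": full_cost,
        "stub_change_seen_partial": region_digest(in_stub, CRITICAL)[0] != ref,
        "payload_change_seen_partial": region_digest(in_payload, CRITICAL)[0] != ref,
        "payload_change_seen_full": full_digest(in_payload)[0] != full_ref,
    }

if __name__ == "__main__":
    print(demo())
```

The partial check hashes a fixed number of bytes regardless of file size, but a change outside the covered regions goes unnoticed, so the regions have to include everything that controls execution.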

